Do in parallel the two sets of steps - first one deals with software and the second one with networking:
- Download appropriate Armbian version
- Flash to SD card using Etcher
- Put SD card in device, connect to internet and power
- Wait a bit, find device assigned IP (for example with
arp-scan
), connect with ssh androot:1234
- set a root password following prompts and remember it. Don't make account (
ctrl+c
when it asks) sudo armian-config
> System > Install to eMMC > ext4 filesystem > wait 15 minutes... > accept power off > take SD card off > turn on- sudo
armiban-config
> Personal > timezone to Sofia and hostame tomagare#
- Make a
magare#.otselo.eu
entry inproduction
- Make an
A
DNS record for the new magare (magare#.otselo.eu
) - Add a crontab rule for root:
curl -4 "https://magare#.otselo.eu:pass@dyn.dns.he.net/nic/update?hostname=magare#.otselo.eu"
, wherepass
is taken from DNS console - Add a new entry to
couchdb-cluster.yaml
- Configure tunneling (through router for example), make sure host is reachable on
magare#.otselo.eu
, ideally Demilitarized Host (all traffic forwarded to it), otherwise ports22, 80, 443, 4369, 6984, 9100-9200
ansible-playbook magareta.yaml -l "magare#.otselo.eu" --ask-vault-pass --ask-pass
Make sure user onmagareta
has passwordless sudo access:
echo " ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/
ansible-playbook couchdb.yaml -e @couchdb_variables.yaml --ask-vault-pass
Where couchdb_variables.yaml
is a YAML file in the current directory with admin_user
, admin_password
and cookie
(ideally admin_password
and cookie
are encrypted with Ansible)
Intially do:
cd design-documents ./update-version-control.sh "" $BUCKET user_colon_password.txt update.js validate.js
Then to update the design documents, specify a revision as the first argument instead of ""
ansible-galaxy install ipr-cnrs.nftables ansible-galaxy install geerlingguy.certbot
Each magare runs HAProxy on ports [80,443] and CouchDB on a random port. Each magare's HAProxy is configured to distribute traffic directly to the CouchDBs. That way if one magare fails, another can take over magare.otselo.eu
(TODO).